JWT Decoder
Decode and inspect JSON Web Tokens online. View header, payload and expiration.
How to use: Paste a JWT token to see its decoded header, payload, and expiration info.
How to Decode JWT Tokens
Paste your complete JWT string into the input field above. The tool splits it into three parts — header, payload, and signature — decoding the Base64URL-encoded header and payload into readable JSON. Expiration time (exp claim) is converted to a human-readable date.
Understanding JWT Claims
Common JWT claims include: iss (issuer), sub (subject/user ID), aud (audience), exp (expiration time), iat (issued at), and nbf (not before). Custom claims can contain any application-specific data like roles, permissions, or user metadata.
Frequently Asked Questions
- How do I decode a JWT token?
- Paste the full JWT string (header.payload.signature) into the input field. The tool instantly decodes and displays the header, payload with all claims, and indicates whether the token has expired.
- Is it safe to decode JWT tokens online?
- Yes, when using our tool. The decoding happens entirely in your browser — the JWT is never sent to any server. However, never share JWTs containing sensitive data in tools that transmit data to servers.
- What information does a JWT contain?
- A JWT has three parts: the header (algorithm and token type), the payload (claims like user ID, email, roles, and expiration time), and the signature (used to verify authenticity). Our decoder displays the header and payload in readable format.